Commit graph

43571 commits

Author SHA1 Message Date
Eric Biggers
122d3f0d20 Merge "Allow vold to rename system_data_file directories" am: 8b703551d8 am: 0038d8f822
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619901

Change-Id: I204d08a73a9a7ca81f042da54bedfa5ee532c77b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 23:21:12 +00:00
Eric Biggers
0038d8f822 Merge "Allow vold to rename system_data_file directories" am: 8b703551d8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619901

Change-Id: I66f26b92e4b1aad9f086d19249f60aa1d596909b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 22:40:36 +00:00
Eric Biggers
8b703551d8 Merge "Allow vold to rename system_data_file directories" 2023-06-13 22:11:39 +00:00
Pawan Wagh
bc0bea24d0 Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 am: e0f268a982 am: 252e98a0dc am: 01a43aec9b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I9e41833dbd0b22f498cd97f788a84ca73ca9f643
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 18:49:29 +00:00
Pawan Wagh
01a43aec9b Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 am: e0f268a982 am: 252e98a0dc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I6d6397e345bdb94149fd21a343eaa0a58abed686
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 18:03:17 +00:00
Pawan Wagh
252e98a0dc Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 am: e0f268a982
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I19c47420f69c7e078f487918e92fd262211033e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 17:18:48 +00:00
Pawan Wagh
e0f268a982 Merge "Add credstore service fuzzer to bindings" am: 767dc6be06
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I80ca6ebfadea23dc48a9d018f1efe6adafef5e52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 16:39:25 +00:00
Eric Biggers
95930cf6a7 Allow vold to rename system_data_file directories
To fully close a race condition where processes can access per-user
directories before an encryption policy has been assigned, vold is going
to start creating these directories under temporary names and moving
them into place once fully prepared.  To make this possible, give vold
permission to rename directories with type system_data_file.

Bug: 156305599
Bug: 285239971
Change-Id: Iae2c8f7d2dc343e7d177e6fb2e893ecca1796f7f
2023-06-13 16:22:03 +00:00
Pawan Wagh
767dc6be06 Merge "Add credstore service fuzzer to bindings" 2023-06-13 15:30:53 +00:00
Treehugger Robot
f8a3521348 Merge "Allow app_process to link /data/asan/system_ext/lib/*" am: 06d79cdc4e am: 53931795c0 am: 3f9b4ba712 am: 64044e42c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2620909

Change-Id: Ibb66009ed66db6b67ae6358a7e7762142487e2a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-12 13:45:31 +00:00
Treehugger Robot
64044e42c4 Merge "Allow app_process to link /data/asan/system_ext/lib/*" am: 06d79cdc4e am: 53931795c0 am: 3f9b4ba712
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2620909

Change-Id: Ifdbbad34ee9a65c69cce5b7dce58ed1918d0df02
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-12 13:02:56 +00:00
Treehugger Robot
3f9b4ba712 Merge "Allow app_process to link /data/asan/system_ext/lib/*" am: 06d79cdc4e am: 53931795c0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2620909

Change-Id: Iddb01049e1fda78da7432538a4bbf986357ea342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-12 12:17:08 +00:00
Treehugger Robot
53931795c0 Merge "Allow app_process to link /data/asan/system_ext/lib/*" am: 06d79cdc4e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2620909

Change-Id: I54cc818c3cbd8318dbd23c7ac57c358803f8ac5a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-12 11:37:15 +00:00
Treehugger Robot
06d79cdc4e Merge "Allow app_process to link /data/asan/system_ext/lib/*" 2023-06-12 10:54:27 +00:00
Jeff Pu
2c9e698610 Merge "Allow hal_fingerprint_default to have pipe read access" am: f19025e663 am: 80dec42b4b am: caaf7885f8 am: 5129ddefdc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2605987

Change-Id: I6ffdc40bda99ed3a0797d39565e2217764b6d8a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 21:55:35 +00:00
Jeff Pu
5129ddefdc Merge "Allow hal_fingerprint_default to have pipe read access" am: f19025e663 am: 80dec42b4b am: caaf7885f8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2605987

Change-Id: Ifd30e8837ca67fea19dc44f3a2b4824e0d0ad6a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 21:12:30 +00:00
Jeff Pu
caaf7885f8 Merge "Allow hal_fingerprint_default to have pipe read access" am: f19025e663 am: 80dec42b4b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2605987

Change-Id: I8c8f0f266b033ca17114d18fb87cce0fbcd74e74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 20:26:25 +00:00
Jeff Pu
80dec42b4b Merge "Allow hal_fingerprint_default to have pipe read access" am: f19025e663
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2605987

Change-Id: I25ce105f8eeaa2b6199c7e7f017fd6f93620b413
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 19:42:10 +00:00
Jeff Pu
f19025e663 Merge "Allow hal_fingerprint_default to have pipe read access" 2023-06-09 19:09:58 +00:00
Jeff Pu
1e09f2ebf7 Allow hal_fingerprint_default to have pipe read access
Bug: 284488745
Test: atest BiometricsE2eTests:BiometricPromptAuthSuccessTest
Change-Id: Ie69193964232b1a6b97877c650182fcdcd5b2cea
2023-06-09 13:56:28 +00:00
Treehugger Robot
2e74422464 Merge "Allow VMs to log to shell pts" am: 550f10eaeb am: 0fa23e0be1 am: c538798bb0 am: 409639ad09
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617777

Change-Id: I96d84f94c55730c7ea96178a0ab5ecab8ab301ac
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 11:43:01 +00:00
Treehugger Robot
409639ad09 Merge "Allow VMs to log to shell pts" am: 550f10eaeb am: 0fa23e0be1 am: c538798bb0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617777

Change-Id: I8571475bb6e8484c27dc1c6f21f84377136deb09
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 11:01:11 +00:00
Treehugger Robot
c538798bb0 Merge "Allow VMs to log to shell pts" am: 550f10eaeb am: 0fa23e0be1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617777

Change-Id: I2eb821ffa291f44e8c4511eee134cf395b381fba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 10:11:13 +00:00
Treehugger Robot
0fa23e0be1 Merge "Allow VMs to log to shell pts" am: 550f10eaeb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617777

Change-Id: I9737b5d4a1ca946b6aed006dfb5a14dcb472b2b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 09:29:49 +00:00
Treehugger Robot
550f10eaeb Merge "Allow VMs to log to shell pts" 2023-06-09 09:03:29 +00:00
Jooyung Han
186b4cbb64 Merge "Allow vendor_overlay_file from vendor apex" am: ad08877b4d am: cef75edc33 am: a34197f152 am: 2b60a575e1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618632

Change-Id: I26ee4fbdb3861d8e7f48cdfad751454a2507b26f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 08:46:40 +00:00
Jooyung Han
2b60a575e1 Merge "Allow vendor_overlay_file from vendor apex" am: ad08877b4d am: cef75edc33 am: a34197f152
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618632

Change-Id: If0392eee00457c2e41d3f2c214405c8ca12f9f04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 08:02:14 +00:00
Inseob Kim
744366d4ba Add missing properties to microdroid am: deaa8b9f4a am: 20a9d569d2 am: 54ba7286ca am: 367845c850
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106044

Change-Id: I3b68faebd3554efaec433d87855d9c1e154ac349
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 07:17:44 +00:00
Jooyung Han
a34197f152 Merge "Allow vendor_overlay_file from vendor apex" am: ad08877b4d am: cef75edc33
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618632

Change-Id: I7263e36b7f522de5d35b634dead192d3f1fa1da2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 07:13:03 +00:00
Inseob Kim
367845c850 Add missing properties to microdroid am: deaa8b9f4a am: 20a9d569d2 am: 54ba7286ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106044

Change-Id: If9cedd91479d5ea33bb986dd880d42f11bf8f7ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 06:32:49 +00:00
Jooyung Han
cef75edc33 Merge "Allow vendor_overlay_file from vendor apex" am: ad08877b4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618632

Change-Id: I762e8a8848868268804b2d9d2012246e5fcc0707
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 06:31:34 +00:00
Jooyung Han
ad08877b4d Merge "Allow vendor_overlay_file from vendor apex" 2023-06-09 05:56:20 +00:00
Inseob Kim
54ba7286ca Add missing properties to microdroid am: deaa8b9f4a am: 20a9d569d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106044

Change-Id: I65bc5059e70dbd2ae2d7de3c616c913228130b43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 05:43:33 +00:00
Inseob Kim
20a9d569d2 Add missing properties to microdroid am: deaa8b9f4a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106044

Change-Id: I847ae3fac14c423243f9e113c1ba1a44bd294aa5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 05:01:04 +00:00
Weiwei.Zhang
0179ede5a4 Allow app_process to link /data/asan/system_ext/lib/*
app_process couldn't map /data/asan/system_ext/lib/libgpud_sys.so
avc:  denied  { execute } for  path="/data/asan/system_ext/lib/libgpud_sys.so"
dev="dm-43" ino=784 scontext=u:r:zygote:s0 tcontext=u:object_r:system_data_file:s0
tclass=file permissive=0

Bug: 286479817
Test: bootup, app_process can work well with asan enabled.
Change-Id: I577105fe1b0c4cb7fa98ccb33eac0f59a0e645f6
2023-06-09 04:43:52 +00:00
Jooyung Han
7c4f8a87d3 Allow vendor_overlay_file from vendor apex
Path to vendor overlays should be accessible to those processes with
access to vendor_overlay_file. This is okay when overlays are under
/vendor/overlay because vendor_file:dir is accessible from all domains.
However, when a vendor overlay file is served from a vendor apex, then
the mount point of the apex should be allowed explicitly for 'getattr'
and 'search'.

Bug: 285075529
Test: presubmit tests
Change-Id: I393abc76ab7169b65fdee5aefd6da5ed1c6b8586
2023-06-09 13:43:11 +09:00
Treehugger Robot
882447b343 Merge "Allow app_zygote to open vendor_overlay_file from vendor apex" am: 9f254ba368 am: e930e1de6b am: 260b8ae48d am: 96b1043fd3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618492

Change-Id: I40d4da82073d832a3bdbce9ecd3c7bf2567bf1b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 03:31:49 +00:00
Treehugger Robot
96b1043fd3 Merge "Allow app_zygote to open vendor_overlay_file from vendor apex" am: 9f254ba368 am: e930e1de6b am: 260b8ae48d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618492

Change-Id: Ic1436426d8d5d3fc1488e56065cb58f8f03cc04a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 02:46:32 +00:00
Inseob Kim
deaa8b9f4a Add missing properties to microdroid
The main motivation is to reduce log spam.

Bug: 268333203
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: Idffdcd7d543590d8c580b2282098d3abd8214f86
2023-06-09 11:30:24 +09:00
Thiébaud Weksteen
f718efba76 Merge "Grant signal permission for dumpstate on app_zygote" am: 4ba0198325 am: e5705ebae0 am: 3657ef0c2d am: 1fb3d3fa7f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2616609

Change-Id: I47b04d4952b2b1cadcfc718bcbfde1b09fed03d9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 02:22:30 +00:00
Treehugger Robot
260b8ae48d Merge "Allow app_zygote to open vendor_overlay_file from vendor apex" am: 9f254ba368 am: e930e1de6b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618492

Change-Id: I7ba0d0cb62301a4f89a3c2a20fb7997dd5335dc1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 02:18:00 +00:00
Treehugger Robot
e930e1de6b Merge "Allow app_zygote to open vendor_overlay_file from vendor apex" am: 9f254ba368
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618492

Change-Id: I8bef8ca004f5dce791cdfe83b2308ea495cd6c1a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 01:55:30 +00:00
Thiébaud Weksteen
1fb3d3fa7f Merge "Grant signal permission for dumpstate on app_zygote" am: 4ba0198325 am: e5705ebae0 am: 3657ef0c2d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2616609

Change-Id: Icf1e64e86a1003732068d3512b0442e219cf934d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 01:33:32 +00:00
Treehugger Robot
9f254ba368 Merge "Allow app_zygote to open vendor_overlay_file from vendor apex" 2023-06-09 01:06:38 +00:00
Thiébaud Weksteen
3657ef0c2d Merge "Grant signal permission for dumpstate on app_zygote" am: 4ba0198325 am: e5705ebae0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2616609

Change-Id: I5cb8d42f9b0c8cda7ed566eecba4e7f16a053155
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 00:42:38 +00:00
Pawan Wagh
21f6f52922 Add update service fuzzer to bindings
Test: m
Bug: 232439428
Change-Id: I9532d1d473d3b053f464df48169dc9b23951a095
2023-06-09 00:01:54 +00:00
Thiébaud Weksteen
e5705ebae0 Merge "Grant signal permission for dumpstate on app_zygote" am: 4ba0198325
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2616609

Change-Id: Ifaaa76353fac36d8e880ae9684fae0de125aff53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 23:57:12 +00:00
Thiébaud Weksteen
4ba0198325 Merge "Grant signal permission for dumpstate on app_zygote" 2023-06-08 23:22:42 +00:00
Jooyung Han
f108164ddf Allow app_zygote to open vendor_overlay_file from vendor apex
To read overlay from vendor apex, app_zygote needs to have access to
vendor_apex_metadata_file:dir with {getattr,search} permissions.

Bug: 286320150
Test: atest
CtsExternalServiceTestCases: android.externalservice.cts.ExternalServiceTest#testBindExternalServiceWithZygote
Change-Id: Icef716e6d238936d04c5813c23042ec4b0e28541
2023-06-09 08:16:16 +09:00
Pawan Wagh
38cfa74af2 Add credstore service fuzzer to bindings
Test: m
Bug: 232439428
Change-Id: Ie47e0e7a479f130935ada52a28d4e26e3bf07041
2023-06-08 21:28:46 +00:00